Packed.Win32.PePatch.ko removal

Packed.Win32.PePatch.ko is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Packed.Win32.PePatch.ko virus do?

  • Repeatedly searches for a not-found process, may want to run with startbrowser=1 option
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • Sniffs keystrokes
  • Installs itself for autorun at Windows startup
  • Network activity detected but not expressed in API logs

Related domains:

z.whorecord.xyz
a.tomx.xyz

How to identify Packed.Win32.PePatch.ko?


File Info:

crc32: BE5E1A3A
md5: 974c9f5f6b1e88b52067f731e83be054
name: 974C9F5F6B1E88B52067F731E83BE054.mlw
sha1: 421e0355bb98b94e731f68ac615158a1064605e8
sha256: 096c1348f6df70ddbea7dfc541baf2ed3087e509a42511e5c9119526eb435ec3
sha512: 7eac98c9fa2d1f33a11f1026f06b2fc3c23795b0e3daec5b1ccb3a2fbd7a0a43ed755ad6670eed7f01ad7d249f6c6aed3ee9015f624de146475362f3fe4dabfa
ssdeep: 12288:kPOamXe23PcKC1PQS/3/1aIAyk0yW/ygG37uq:kiu23PjC1QO3/1aIAyjyW//G3b
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: x672cx6e90x7801x6765x81eawww.xiaodao.la
FileVersion: 1.0.0.0
CompanyName: x672cx6e90x7801x6765x81eawww.xiaodao.la
Comments: x672cx6e90x7801x6765x81eawww.xiaodao.la
ProductName: x6613x8bedx8a00x7a0bx5e8f
ProductVersion: 1.0.0.0
FileDescription: x672cx6e90x7801x6765x81eawww.xiaodao.la
Translation: 0x0804 0x04b0

Packed.Win32.PePatch.ko also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 001684701 )
Elastic: malicious (high confidence)
MicroWorld-eScan: Trojan.GenericKD.47076247
ALYac: Trojan.GenericKD.47076247
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_90% (W)
K7GW: Trojan ( 001684701 )
Cybereason: malicious.5bb98b
Baidu: Win32.Trojan.KillAV.f
Cyren: W32/Trojan.CLL.gen!Eldorado
Symantec: Trojan.KillAV
ESET-NOD32: a variant of Win32/Disabler.NAV
APEX: Malicious
Avast: Win32:AutoRun-BRF [Wrm]
ClamAV: Win.Trojan.Generic-9779041-0
Kaspersky: Packed.Win32.PePatch.ko
BitDefender: Trojan.GenericKD.47076247
NANO-Antivirus: Trojan.Win32.PePatch.egmvxo
Tencent: Win32.Trojan.Killav.Hssi
Ad-Aware: Trojan.GenericKD.47076247
Sophos: Mal/Generic-S
Comodo: Packed.Win32.Packer.~GEN@1oh172
BitDefenderTheta: Gen:NN.ZexaF.34170.Uu0@ayw@BAjb
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: BKDR_HUPIGON.JSF
McAfee-GW-Edition: BehavesLike.Win32.CoinMiner.bh
FireEye: Generic.mg.974c9f5f6b1e88b5
Emsisoft: Trojan.GenericKD.47076247 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Heur:Trojan/AntiAV
Avira: BDS/Hupigon.ctc
eGambit: Unsafe.AI_Score_99%
Antiy-AVL: Trojan/Generic.ASCommon.FA
Microsoft: Trojan:Win32/Avkill.E
GData: Win32.Trojan.PSE.11B5R9D
AhnLab-V3: Unwanted/Win32.HackTool.R187811
McAfee: Artemis!974C9F5F6B1E
MAX: malware (ai score=85)
VBA32: Trojan.Wacatac
Malwarebytes: Trojan.FlyStudio
Panda: Trj/CI.A
TrendMicro-HouseCall: BKDR_HUPIGON.JSF
Rising: Trojan.Killav!1.9D3A (CLASSIC)
Yandex: Trojan.GenAsa!qQpghn3FvAk
Fortinet: W32/PePatch.KO!tr
AVG: Win32:AutoRun-BRF [Wrm]
Paloalto: generic.ml

How to remove Packed.Win32.PePatch.ko?

Packed.Win32.PePatch.ko removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.